Do you know the difference between user access reviews and access recertification? They sound like they could be interchangeable, but nothing could be further from the truth. Although both are designed to protect the resources within your information systems (IS), the...
Nearly two years ago, the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) defined their guidelines for risk management related to both information and communication technologies (ICT) and security for the...
EBA/EIOPA: What are the security recommendations for Information and Communication Technology (ICT)? In 2019, the European Banking Authority (EBA) set out to create guidelines about managing risks linked to technology security. These guidelines were...
A tedious requirement for companies For any organization, the user access review is an important practice. As a critical component of your Identity and Access Management (IAM) strategy, this control mechanism ensures that your Information System (IS) users have...
In a previous article on access rights review, we highlighted the differences between periodic and continuous access reviews and how to use each one. The conclusion was that the two approaches serve different purposes and should be seen as complementary. They do not...
Identity is everything now. Every chief information security officer should be asking themselves questions like “do you know who you’re trusting?” and “when did you last validate?”Jay Gazlay, CISA Technical Strategist It is a fact: the notion of identity is a major...
Infrastructure access is not always well understood, controlled or reviewed. IAM/IGA projects generally focus on application rights while neglecting infrastructure access. As a result, it is common to find that accounts and the rights assigned to them accumulate...
Organizations evolve every single day. Some of the changes include the departure of an employee, the arrival of a new colleague, the implementation of an innovative application, and the launch of a project involving external service providers. Each event impacts the...
Brainwave GRC is happy to share this recent exchange with one of our key customers who sings the praises of moving from a manual access review process to a fully automated solution with Brainwave GRC. This article details the company’s experience with added feedback...
Receive monthly news,
tips and helpful hints for managing your identities.